GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,638
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,058
Pub: 12
RubyGems: 956
Rust: 1,056
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
11,577 advisories
Magento discloses sensitive information via the Multishipping Module
Moderate: CVE-2021-36038 was published for magento/community-edition (Composer) on May 24, 2022
Magento affected by remote code execution via a file upload
High: CVE-2021-36034 was published for magento/community-edition (Composer) on May 24, 2022
Magento is affected by an improper input validation vulnerability while saving a customer's details
Critical: CVE-2021-36025 was published for magento/community-edition (Composer) on May 24, 2022
Magento is affected by an improper input validation vulnerability
High: CVE-2021-36032 was published for magento/community-edition (Composer) on May 24, 2022
Lack of application manifest sanitation could lead to potential stored XSS. This issue affects BLU...
Critical (Unreviewed): CVE-2025-12001 was published on Oct 21, 2025
Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19...
Critical (Unreviewed): CVE-2025-12275 was published on Oct 26, 2025
Magento allows attackers to alter the price of items
High: CVE-2021-36030 was published for magento/community-edition (Composer) on May 24, 2022
Magento affected by remote code execution vulnerability in the CMS page scheduled update feature
Critical: CVE-2021-36021 was published for magento/community-edition (Composer) on Sep 6, 2023
A denial-of-service issue was addressed with improved input validation. This issue is fixed in...
Low (Unreviewed): CVE-2025-43365 was published on Nov 4, 2025
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function...
Moderate (Unreviewed): CVE-2025-12305 was published on Oct 27, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 26.1,...
Moderate (Unreviewed): CVE-2025-43458 was published on Nov 4, 2025
Apache IoTDB: DoS Vulnerability
Moderate: CVE-2025-48392 was published for org.apache.iotdb:iotdb-core (Maven) on Sep 24, 2025
Apache DolphinScheduler vulnerable to Alert Script Attack
High: CVE-2024-43115 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) on Sep 9, 2025
Apache CXF: Untrusted JMS configuration can lead to RCE
Moderate: CVE-2025-48913 was published for org.apache.cxf:cxf-rt-transports-jms (Maven) on Aug 8, 2025
Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Moderate: CVE-2024-52279 was published for org.apache.zeppelin:zeppelin-jdbc (Maven) on Aug 3, 2025
Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access
High: CVE-2025-50151 was published for org.apache.jena:jena (Maven) on Jul 21, 2025
Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check
Moderate: CVE-2025-53652 was published for org.jenkins-ci.tools:git-parameter (Maven) on Jul 9, 2025
MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle...
High (Unreviewed): CVE-2025-61084 was published on Nov 5, 2025
JDBC Driver for SQL Server has improper input validation issue
High: CVE-2025-59250 was published for com.microsoft.sqlserver:mssql-jdbc (Maven) on Oct 14, 2025
CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12...
Moderate (Unreviewed): CVE-2025-59596 was published on Nov 5, 2025
An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280,...
Moderate (Unreviewed): CVE-2025-54327 was published on Nov 4, 2025
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior...
Critical (Unreviewed): CVE-2025-34300 was published on Jul 16, 2025
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204...
High (Unreviewed): CVE-2025-6558 was published on Jul 15, 2025
A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26...
Critical (Unreviewed): CVE-2025-43342 was published on Sep 16, 2025
HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate...
High (Unreviewed): CVE-2024-42516 was published on Jul 10, 2025
ProTip! Advisories are also available from the GraphQL API.